Sat. Jan 18, 2025 - Fri. Jan 24, 2025


Don't Get Schooled: Lessons From PowerSchool's Big Breach

Data Breach Today

Why MFA and Data Minimization Remain Key for Preventing Massive Data Breaches

While PowerSchool's investigation into the massive theft of its customers' data is continuing, clear lessons have already emerged. Count among them the importance of using multifactor authentication, which could have safeguarded access to PowerSchool's exploited customer support systems.


Subaru Security Flaws Exposed Its System for Tracking Millions of Cars

WIRED Threat Level

Now-fixed web bugs allowed hackers to remotely unlock and start millions of Subarus. More disturbingly, they could also access at least a year of cars' location histories, and Subaru employees still can.

IT 320

OpenAI Launches AI Agent 'Operator'

Data Breach Today

Operator Cannot Yet Reliably Perform Complex, Customized Tasks

OpenAI introduced an AI agent capable of independent action with the launch of Operator, a general-purpose AI tool that interacts with websites to perform tasks. The agent can navigate menus and complete forms to do tasks such as travel booking, ordering takeout, buying stuff or scheduling tasks.


Phishing Campaign Attempts to Bypass iOS Protections

KnowBe4

An SMS phishing (smishing) campaign is attempting to trick Apple device users into disabling measures designed to protect them against malicious links, BleepingComputer reports.

Phishing 126

State of AI in Sales & Marketing 2025

AI adoption is reshaping sales and marketing. But is it delivering real results? We surveyed 1,000+ GTM professionals to find out. The data is clear: AI users report 47% higher productivity and an average of 12 hours saved per week. But leaders say mainstream AI tools still fall short on accuracy and business impact. Download the full report today to see how AI is being used — and where go-to-market professionals think there are gaps and opportunities.


A flaw in the W3 Total Cache plugin exposes hundreds of thousands of WordPress sites to attacks

Security Affairs

A WordPress W3 Total Cache plugin vulnerability could allow attackers to access information from internal services, including metadata on cloud-based apps. A severe vulnerability, tracked as CVE-2024-12365 (CVSS score of 8.5) in the WordPress W3 Total Cache plugin could expose metadata from internal services and cloud apps. The WordPress W3 Total Cache plugin is a popular performance optimization tool designed to improve the speed and efficiency of WordPress websites.

Metadata 311

More Trending


How to Get Around the US TikTok Ban

WIRED Threat Level

TikTok is now unavailable in the United States, and getting around the ban isn't as simple as using a VPN. Here's what you need to know.

Privacy 215

Biden Signs New Cybersecurity Order

Schneier on Security

President Biden has signed a new cybersecurity order. It has a bunch of provisions, most notably using the US government's procurement power to improve cybersecurity practices industry-wide. Some details: The core of the executive order is an array of mandates for protecting government networks based on lessons learned from recent major incidents—namely, the security failures of federal contractors.


Experts found new DoNot Team APT group’s Android malware

Security Affairs

Researchers linked the threat actor DoNot Team to a new Android malware that was employed in highly targeted cyber attacks. CYFIRMA researchers linked a recently discovered Android malware to the Indian APT group known as DoNot Team. The Donot Team (aka APT-C-35 and Origami Elephant) has been active since 2016; it focuses on government and military organizations, ministries of foreign affairs, and embassies in India, Pakistan, Sri Lanka, Bangladesh, and other South Asian countries.

Military 284

Malvertising Campaign Abuses Google Ads to Target Advertisers

KnowBe4

Researchers at Malwarebytes are tracking a major malvertising campaign that's abusing Google Ads to target individuals and businesses interested in advertising.

Phishing 119

How to Achieve High-Accuracy Results When Using LLMs

Speaker: Ben Epstein, Stealth Founder & CTO | Tony Karrer, Founder & CTO, Aggregage

When tasked with building a fundamentally new product line with deeper insights than previously achievable for a high-value client, Ben Epstein and his team faced a significant challenge: how to harness LLMs to produce consistent, high-accuracy outputs at scale. In this new session, Ben will share how he and his team engineered a system (based on proven software engineering approaches) that employs reproducible test variations (via temperature 0 and fixed seeds), and enables non-LLM evaluation m


How to set up God Mode in Windows 11 - and the wonders you can do with it

Collaboration 2.0

God Mode provides easy access to an array of Windows settings from one single window. Here's how it works.

IT 347

Moss on AI Disruption: 'Everything, Everywhere, All at Once'

Data Breach Today

The pace of change including the rise of artificial intelligence and a sense of accelerating chaos can make cybersecurity professionals feel like "things are kind of everything, everywhere, all at once," said Black Hat conference founder Jeff Moss. How should they respond?


J-magic malware campaign targets Juniper routers

Security Affairs

Threat actors are targeting Juniper routers with a custom backdoor in a campaign code-named “J-magic”; attackers are exploiting a Magic Packet flaw. Lumen Technologies researchers reported that the J-magic campaign targets Juniper routers with a custom backdoor using a passive agent based on the cd00r variant (an open-source backdoor by fx).


US Names One of the Hackers Allegedly Behind Massive Salt Typhoon Breaches

WIRED Threat Level

Plus: New details emerge about China's cyber espionage against the US, the FBI remotely uninstalls malware on 4,200 US devices, and victims of the PowerSchool edtech breach reveal what hackers stole.

Security 159

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.


The top 10 brands exploited in phishing attacks - and how to protect yourself

Collaboration 2.0

Impersonating a well-known brand is an easy way for scammers to get people to click their malicious links. Here's what to watch for.

Phishing 336

Breach Roundup: Researchers Find Flaws in Palo Alto Firewalls

Data Breach Today

Also: US Prosecutors Charge Suspected North Korean IT Worker Collaborators

This week, researchers spied Palo Alto firewall flaws, a North Korean IT worker conspiracy, ChatGPT as DDoS vector. Chinese hackers targeted a VPN maker, a fake PyPi package and a Russian threat actor shifted tactics. BreachForums admin faces prison and scammers used the release of Ross Ulbricht.

IT 173

Malicious npm and PyPI target Solana Private keys to steal funds from victims’ wallets

Security Affairs

Researchers found malicious npm and PyPI packages capable of stealing and deleting sensitive data from infected systems. Socket researchers have identified multiple packages in the npm and Python Package Index (PyPI) repository designed to target Solana private keys and drain funds from victims’ wallets. The malicious npm packages allowed the threat actors to exfiltrate Solana private keys via Gmail.

Libraries 253

HHS Office for Civil Rights Proposes Measures to Strengthen Cybersecurity in Health Care Under HIPAA

Thales Cloud Protection & Licensing

madhav, Thu, 01/23/2025 - 06:25

Data Breaches in Healthcare: Why Stronger Regulations Matter

A data breach involving personal health information isn't just about stolen files; it's a gut punch to trust and a serious shake-up to people's lives. Think about it: sharing your deepest, most personal health concerns, only to have them spilled out into the world because of a cyberattack.


Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.


Microsoft is forcing Windows 11 24H2 update on all eligible PCs, but is it stable enough?

Collaboration 2.0

Computers running the Home and Pro flavors of Windows 11 23H2 and 22H2 will gradually be updated, whether you like it or not.

IT 321

CISA Warns of Flaws in Aircraft Collision Avoidance Systems

Data Breach Today

Hackers Unlikely to Exploit Flaws in The Wild

Security researchers found an unpatchable flaw in the system that prevents commercial aircraft from crashing into each other, the U.S.


Two ransomware groups abuse Microsoft’s Office 365 platform to gain access to target organizations

Security Affairs

Two ransomware groups are exploiting Microsoft 365 services and default settings to target internal enterprise users. Sophos researchers started investigating two distinct clusters of activity, tracked as STAC5143 and STAC5777, in response to customer ransomware attacks in November and December 2024. Threat actors used their own Microsoft 365 tenants and exploited a default Teams setting allowing external users to contact internal users for attacks.


Digitize supply chains to get ahead of possible disruptions

OpenText Information Management

Economists predict businesses will have little choice but to pass the cost of proposed tariffs on to customers for anything from clothing, food, automobiles, energy, and more. Enterprise businesses may be able to absorb some of the tariff-related costs to limit their impact, but small to mid-sized businesses risk losing customers altogether if prices spike too high too fast, even despite easing inflation.

B2B 59

The GTM Intelligence Era: ZoomInfo 2025 Customer Impact Report

ZoomInfo customers aren’t just selling — they’re winning. Revenue teams using our Go-To-Market Intelligence platform grew pipeline by 32%, increased deal sizes by 40%, and booked 55% more meetings. Download this report to see what 11,000+ customers say about our Go-To-Market Intelligence platform and how it impacts their bottom line. The data speaks for itself!


How ChatGPT solved an Ancestry DNA mystery for me and my long-lost cousin

Collaboration 2.0

Even though we share just 1% of our DNA, my third cousin and I used AI to connect the dots between generations. Here's how and what we learned.


Amazon Details Measures to Counter S3 Encryption Hacks

Data Breach Today

Hackers Using Valid Customer Credentials to Re-Encrypt S3 Objects

Amazon is urging its customers to deploy additional security measures to secure S3 buckets following reports of ransomware attacks targeting the platform. The company said mitigations prevented "a high percentage of attempts from succeeding.


U.S. CISA adds SonicWall SMA1000 flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SonicWall SMA1000 vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a SonicWall SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC) vulnerability, tracked as CVE-2025-23006, to its Known Exploited Vulnerabilities (KEV) catalog.

IT 242

Energy insights from Davos 2025 – safeguarding the planet

OpenText Information Management

As global leaders converge at Davos for the World Economic Forum 2025, safeguarding our planet is one of five key themes in this year's forum. The theme explores how we can catalyze energy, climate and nature action through innovative partnerships, increased financing and the deployment of frontier technologies. I see this theme very much encompassing the information management software technology domain as one of those frontier technology areas.


Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.


4 surprise products we could see at Samsung Unpacked 2025 - and are worth getting excited about

Collaboration 2.0

The Galaxy S25 series is slated to be announced on Wednesday, but we may also get surprise appearances on the wearables side.


Information Security Career Advice: 'Pick Your Battles'

Data Breach Today

With the pace of global change so often creating a sense of accelerating chaos, it's easy to view cyber defenders as firefighters constantly on call. But Black Hat conference founder and creator Jeff Moss warned that "things have been on fire for as long as I can remember.


SonicWall warns of a critical CVE-2025-23006 zero-day likely exploited in the wild

Security Affairs

SonicWall warns customers of a critical zero-day vulnerability in SMA 1000 Series appliances, likely exploited in the wild. SonicWall is warning customers of a critical security vulnerability, tracked as CVE-2025-23006 (CVSS score of 9.8), impacting its Secure Mobile Access (SMA) 1000 Series appliances. The vulnerability is a pre-authentication deserialization of untrusted data issue in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC) that has been likely exploit